On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <pmdyermms@gmail.com> wrote:
> Hi,
>
> back in 2015, with the first install of ovirt, I used a domain of
> xxxportal.com. Since the client has an xxxcentral.com wildcard
> certificate, I added changed the hostname and domainname, and added the
> cert/cacert to the apache webpage.
>
> The pki on ovirt and vdsm (host) both still have the original xxxportal.com
> domain. I am looking for a way to wipe away the old domain.
>
> Do I need to remove the host (not hosted engine), drop the
> datacenter/cluster, and build from a clean db?
Basically yes. See also:
https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/
If you have lots of data in your engine (hosts, VMs etc), you might manage to
keep most of it by something like this, didn't try that:
1. Shutdown all VMs and move all hosts to maintenance
2. Stop ovirt-engine service
3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation
4. yum reinstall ovirt-engine-backend, or copy back from above backup
only these, without the files they hold (for directories), but keep
owner/permissions:
cacert.template.in certs cert.template.in keys openssl.conf
private requests
5. engine-setup
It will notice pki is removed and recreate it for you
You might need to change admin password because it's encrypted with engine's key
6. Connect to web admin, and per host:
6.1. Right click -> Enroll Certificate
6.2. You might need Right-Click -> Reinstall
6.3. Activate
This should be enough, more-or-less. You might want, just in case,
before step 6,
to connect to all hosts and remove stuff under /etc/pki, but I didn't check
what exactly.
Best,
--
Didi